In the wake of the Government’s proposed ‘Snoopers’ Charter’, Open Rights Group ask why intrusive new laws are being suggested, if they are needed at all and what the alternatives are. This is an extract from their recent report on the matter.

Surveillance is part of our security policy. Some politicians will have you believe that there is only one aim: to keep people, institutions and the community safe.

But there are two others: to protect the essential values of society (freedom of speech, open and fair judicial processes, right to dissent, privacy such that the state only intrudes when provably necessary), and to deliver value for money.

Surveillance law is about balancing competing objectives, not absolutes. But for lazy politicians it seems simpler to use the scare language of paedophilia, terrorism and “lives lost” than to make the nuanced arguments of managing risks.

There are particular problems in getting to grips with how far surveillance capabilities and technologies have changed – and the implications.

Over 80% of the UK population has access to the Internet from home and each UK household on average owns three Internet-enabled devices, all creating digital records.

All mobile phones will contain some records of calls made and received and copies of SMSs made and received. While the phone is switched on, it constantly re-registers its presence with the nearest mast; this archive of an individual’s detailed movements is retained for 12 months.

At the same time the availability of Closed Circuit Television (CCTV) has expanded greatly, in terms of the quantity of cameras and quality of images. The national DNA database is one of the world’s largest, with profiles on an estimated 5,570,000 individuals.

Police operate a national automatic number plate recognition system (ANPR), which by March 2011 was receiving 15 million sightings daily. A national fingerprint database contained 8.3m individuals’ prints in April 2010. The Oyster card is another method for tracking movements of people in London.

At the same time, commercial companies have built up their databanks. Some companies – Google, Facebook, twitter – base almost their entire business on acquiring and then monetising personal data.

Once all data is digital, software can combine and produce visualisations; the more data there is, the greater the granularity of the resulting analysis – and the greater the intrusion, far more than was ever envisaged when necessity and proportionality tests were applied to the original streams of evidence.

The practical problems for politicians are extensive.
· It is much easier to make incremental legal patches than fundamental changes. It is also easier for promoters to claim that a proposed change is almost negligible – “maintaining capability”.

· Legislators need knowledge of how investigations take place, the techniques and resources used and where the costs occur.

· Legislators need knowledge of the technical capabilities of surveillance technologies. Law enforcers will say they are reluctant to provide detail in public for fear of alerting their targets.

· A similar need for secrecy is invoked when there are public demands for detailed breakdowns of costs.

· Legislators need to understand the nature and extent of the threats surveillance laws are meant to mitigate. If we take the last time anyone died from terrorism, 2005, when “7/7” occurred with 52 victims, in that particular year you were over 61 times more likely to die in a road crash and 72 times more likely to incur a fatality in the home than to be killed in a terrorist atrocity. There has been approximately one serious terrorist attempt per year since then, all so far caught in time because the processes of sourcing material, establishing a bomb factory and recruiting personnel all create risks of detection for the actors.

Law enforcement and security agencies are expected to deliver public safety and successful prosecutions against budgets for resources and powers, which they will regard as inadequate. If politicians use the language of absolutes as opposed to managing risk, police and the security services do likewise.

Police and the security services follow the same course as all lobbyists: exaggerate and demand more than they need. And there is a particular advantage in doing so. In the wake of a large disaster that they have been unable to prevent, they are able to point to an audit trail of requests for powers and resources denied.

And politicians know this.

—
Peter Sommer is currently a Visiting Professor at De Montfort University and a Visiting Reader at the Open University. His research interests and publications include cyber security, cyberwarfare and the reliability of digital evidence.

” There are particular problems in getting to grips with how far surveillance capabilities and technologies have changed – and the implications.”

Indeed. It is bad enough that our own lot spy on us, but how many people would be shocked to know that the U.S. government run a tracking program with full access to every UK financial transaction through the SWIFT interbank financial transactions database. It is called The Terrorist Finance Tracking Program (TFTP). SWIFT is the mechanism that financial institutions use to communicate and send payment orders to each other. The U.S. government with TFTP and access to SWIFT can if they so wish track every payment order without ever going near a UK court.

They are obviously not interested in most people but if they wanted to an agent in Washington could easily check every transaction payment order related to anyone’s bank account in the UK. Just last year the U.S. Treasury seized $26,000 in transit from a bank in Denmark to a bank in Germany. Terrorism? No. A Danish businessman was just paying for Cuban cigars from a German supplier. Well, according to the U.S. Treasury two Europeans with no connection to the U.S., were still in violation of their economic embargo against Cuba because that is where the cigars originated. The U.S. really do see themselves as having global jurisdiction. When it comes to banks they do have de facto global jurisdiction because no bank will risk being locked out of dollar settlement by challenging the U.S. authorities.

If all this official surveillance of digital media had been available when Richard Nixon was US president, the Watergate break-in at the HQ of the Demcrat Party would have been completely unnecessary.

What is preventing an official snooper, who comes across domestic political intelligence in the search for paedophile and terrorist communications, from passing information gained to a political party of the opposite inclination?

As Dr Goebbels used to say: Those who have nothing to hide, have nothing to fear.